Under Personal Information Protection and Electronic Documents Act (PIPEDA), there is nothing that prevents organizations from outsourcing the processing of data inside or outside of Canada—however, organizations must take all reasonable steps to protect that information from unauthorized uses and disclosures when it is in the hands of third party processors. This is where accountability, the first principle in PIPEDA, comes in; and there are obligations to meet regarding training staff that are highly relevant.

Policies are crucial to a successful business. Without them, it’s impossible to consistently control and keep track of all the things that happen day to day. It’s great to see others as excited about the topic as we are at First Reference. Last week, Scott Lowe outlined on TechRepublic, “10 things to consider when creating policies.” And it’s not just IT policy he’s interested in.

The privacy commissioners of Canada, Alberta and British Columbia have developed a guide to help organizations implement an effective privacy management program that meets private-sector privacy legislation and to provide consistent direction on what it means to be an accountable organization when dealing with individuals’ personal information…